Description
UltraVNC is free and open source remote PC access software. A vulnerability has been found in versions prior to 1.3.8.0 in the DSM plugin module that allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed by restricting plugin loading to the installation directory. Affected users should upgrade UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run the UltraVNC server as a service; it is advisable instead to create a scheduled task under a low-privilege account to launch WinVNC.exe. There are no known workarounds if winvnc needs to be started as a service.
References (3)
Patch, Third Party Advisory: https://github.com/bowtiejicode/UltraVNC-DSMPlugin-LPE
Patch, Third Party Advisory: https://github.com/ultravnc/UltraVNC/commit/36a31b37b98f70c1db0428f5ad83170d604fb352
Third Party Advisory: https://github.com/ultravnc/UltraVNC/security/advisories/GHSA-3mvp-cp5x-vj5g
Scores
CVSS v3: 8.8
EPSS: 0.0026
EPSS Percentile: 17.4%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-269
Status: published
Products (1)
uvnc/ultravnc: < 1.3.8.1
Published: Mar 10, 2022
Tracked Since: Feb 18, 2026